If you are receiving spam or someone is using your domain to send spam, here is what you can do about it and how to report it.
Reduce spam hitting your inbox, then report persistent senders
Start by enabling SpamAssassin in cPanel (Email > Spam Filters) with auto-delete. This stops most spam before it reaches your inbox. For persistent senders, you can block them with email filters or report them to their ISP. See our full guide: Greatly Reduce SPAM.
01. If You Are Receiving Spam
- Enable SpamAssassin - cPanel > Email > Spam Filters. Enable auto-delete for messages scoring above 5. See Greatly Reduce SPAM.
- Block the sender - cPanel > Email > Email Filters. Create a filter to discard messages from specific addresses or domains.
- Report to the sender's ISP - Forward the spam (with full headers) to
abuse@the sender's domain. Most ISPs have an abuse department that investigates spam complaints. - Do not reply or unsubscribe - Replying confirms your address is active. Only unsubscribe from legitimate mailing lists you actually signed up for.
How to View Full Email Headers
In Roundcube webmail: open the message, click the "More" dropdown, select "Show source" or "View headers." In Outlook: open the message, go to File > Properties, and look at the "Internet Headers" field. The headers show the originating server IP, which you need when reporting to an ISP.
02. If Someone Is Spoofing Your Domain
If you are receiving bounced messages for emails you never sent, someone may be forging (spoofing) your domain in the From address. This is called a "joe job" and does not mean your account is compromised.
- Verify your account is secure - Change your email passwords in cPanel > Email Accounts
- Check SPF, DKIM, and DMARC - Properly configured authentication records tell receiving servers to reject spoofed emails. See Understanding Email Authentication.
- Set DMARC to reject - A DMARC policy of
p=rejecttells receiving servers to discard emails that fail SPF and DKIM checks, which prevents most spoofing.
03. If Spam Is Being Sent FROM Your Account
If our abuse team contacts you about spam originating from your hosting account, your site has likely been compromised. Common causes:
- Hacked WordPress or CMS - Outdated plugins or themes with known vulnerabilities. See How to Fix a Hacked WordPress Site.
- Compromised email credentials - Change all email passwords immediately.
- Insecure contact form - Forms without proper validation can be abused to relay spam. See Form Email Issues.
Need to Report Spam From an Ultra Web Hosting Account?
If you believe a website hosted on our servers is sending spam, forward the spam with full headers to our abuse team.
Report to SupportQuick Recap
- Enable SpamAssassin to filter incoming spam automatically
- Block senders with cPanel email filters
- Report persistent spam to
abuse@the sender's domain - Domain being spoofed? Set up SPF, DKIM, and DMARC
- Spam sent from your account? Your site may be compromised - act immediately
Fighting spam and protecting your domain · Last updated March 2026 · Browse all Email articles
